Environment
Novell Open Enterprise Server 2 SP2 (OES 2SP2) Linux
Novell Open Enterprise Server 2 SP3 (OES 2SP3) Linux
Domain Services for Windows
DSFW
Novell Open Enterprise Server 2 SP3 (OES 2SP3) Linux
Domain Services for Windows
DSFW
Situation
When logging into the domain the following error message is displayed "The system could not log you on now because the domain <dsfw domain> is not available."
Packet trace shows "KRB Error: KRB5KDC_ERR_PREAUTH_FAILED"
Kerberos error code "KRB5KDC_ERR_PREAUTH_FAILED (24)"
Packet trace shows "KRB Error: KRB5KDC_ERR_PREAUTH_FAILED"
Kerberos error code "KRB5KDC_ERR_PREAUTH_FAILED (24)"
Resolution
There are two reasons that the user is not able to login to the DSfW domain.
- Verify there is a password policy assigned to the user/container/partition. TID 7006254 has more information on verifying the password policy settings.
- The user does not have the supplementalCredentials attribute populated. The supplementalCredentials is required for authentication. Usually this means the Universal Password is not populated (nmas). If the user has a password policy then the Universal Password can be populated by logging in with an ldap client, from a workstation with the Novell client, or by doing a ndslogin from the terminal.